Hello everyone,
i would like to know if it’s possible to encrypt the hibernate.properties file of dhis-live. If Yes, How can i do it?
Sincerely
···
=========================
Guy
It is not possible. Since dhis-live is meant to be run on a stand-alone system, why would you need to encrypt it? Are you looking to protect this from other users who have access to the local system itself? Best thing (on Windows) would to be sure the directory is owned by the user who is executing dhis-live, and no other users have access to this directory.
Regards,
Jason
···
On Wed, Oct 22, 2014 at 10:40 AM, Guy Ekani constyekani@yahoo.fr wrote:
Hello everyone,
i would like to know if it’s possible to encrypt the hibernate.properties file of dhis-live. If Yes, How can i do it?
Sincerely
Guy
=========================
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
–
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+46764147049
Hi Guy
I am not sure if it really practical to encrypt the hibernate.properties file. Though certainly it is very important to protect it which should be done by placing access control restrictions on it. Essentially only the user which is running the tomcat process should have read access to the file. This is done by default when using dhis2-tools on ubuntu linux for example.
Are you using dhis-live in a production server environment? This is not generally recommended, but if you are then you should certainly use the access control mechanisms of your system to protect access to the database password.
A level of encryption you could apply is to place the file on an encrypted filesystem, which would protect for example against someone getting access to the disk…
Regards
Bob
···
On 22 October 2014 09:40, Guy Ekani constyekani@yahoo.fr wrote:
Hello everyone,
i would like to know if it’s possible to encrypt the hibernate.properties file of dhis-live. If Yes, How can i do it?
Sincerely
Guy
=========================
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Yes Jason, its possible. The Guy is looking either to encrypt hibernate.property file
using some encryption technique and make it protected from UNauthenticated access,
However this can be done with some efforts by developers. But Mr. Guy, question should
be not like it can be done or not, perhaps should be, does it makes some generic sense !
- This can works by providing some selective option in DHIS2-Live UI from where
superuser can perform selective action for accessing global variable contents either
available in hibernate.property file or from other source stored somewhere else where
application should read during application start-up routine execution.
···
-
This can be fixed with some hard coding approach, but this should not be like generic approach.
-
Look hibernate.property file is playing role like an interface from where deployed tomcat DHIS2-Live
application searches its specific meta data info either it could be available in flat file system or in attached
database whatever it could be MySQL, DB2, H2 or PostGRES etc.
This issue has been raised many times on list and discussions in past, but still open and suppressed
every time on list. I am sure the first approach is practical however should not be used in general use case.
Regards
BM
On Wed, Oct 22, 2014 at 2:26 AM, Jason Pickering jason.p.pickering@gmail.com wrote:
It is not possible. Since dhis-live is meant to be run on a stand-alone system, why would you need to encrypt it? Are you looking to protect this from other users who have access to the local system itself? Best thing (on Windows) would to be sure the directory is owned by the user who is executing dhis-live, and no other users have access to this directory.
Regards,
Jason
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
On Wed, Oct 22, 2014 at 10:40 AM, Guy Ekani constyekani@yahoo.fr wrote:
Hello everyone,
i would like to know if it’s possible to encrypt the hibernate.properties file of dhis-live. If Yes, How can i do it?
Sincerely
Guy
=========================
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+46764147049
–